> Has ANYONE in this thread considered that we already have a possibly more
> secure mechanism for this, that could be combined simultaneously with
> authentication for use by a non-suid program?
>
> See unix(4) and its description of passing fd's via a "cmsghdr".
>
>how does this fix ping & traceroute as they currently stand?
they could be changed to do this:
int
main(int argc, char *argv[])
{
/* various declarations */
int p[2];
pipe(p);
switch (fork()) {
case -1: err(1, "fork");
case 0: close(p[1]); suid_function(); exit(0);
default: close(p[0]); setuid(getuid()); break;
}
...
and then it could repeatedly ask for the sockets that it needs,
without you having to audit anything except suid_function().
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."